class AdminTagger
- AdminTagger
- Tagger
- Reference
- Object
Overview
Flags administrative / privileged endpoints. These are high-value targets for broken access control, privilege escalation, and forced browsing — surfacing them tells a reviewer where the blast radius of a missing authorization check is largest.
Defined in:
tagger/taggers/admin.cr

Constant Summary
- READ_ONLY_METHODS = Set {"GET", "HEAD", "OPTIONS"}
  Methods treated as read-only. A request using one of these is not state-changing, so the weak privilege hints below are not flagged on it.
- STRONG_PATH_PARTS = Set {"admin", "admins", "administrator", "administration", "administrative", "superuser", "superadmin", "sysadmin", "backoffice", "impersonate", "godmode"}
  Path segments that strongly imply an administrative surface. Matched as whole path segments (after splitting on `/`, `-`, `_`, `.`), so `/admin/users` matches but `/badminton` does not. `/wp-admin` and `/super-admin` are covered too: the split yields an `admin` token. `superadmin` (no separator) is listed explicitly since the split cannot recover it.
- STRONG_PRIVILEGE_PARAM_NAMES = Set {"is_admin", "is_superuser", "is_superadmin", "is_staff", "is_root", "make_admin", "grant_admin", "admin_only", "superadmin", "sudo", "impersonate"}
  Parameter names that imply a privilege or role grant regardless of the route or method, e.g. a generic `PATCH /users/{id}` that accepts `is_admin`. These are specific enough to flag on their own. Matched separator-insensitively via `normalize_param_name`, so `is_admin`, `isAdmin`, and `is-admin` all collapse to the same key.
- STRONG_PRIVILEGE_PARAM_NAMES_NORMALIZED = STRONG_PRIVILEGE_PARAM_NAMES.map(&.gsub(/[-_]/, "")).to_set
- WEAK_PRIVILEGE_PARAM_NAMES = Set {"run_as", "as_user", "elevate", "privilege", "privileged"}
  Weaker, more generic privilege hints. These also appear as read-only filters (`GET /roles?privilege=x`, `?as_user=...` view switching), so they are only flagged on a state-changing (non-read) method.
- WEAK_PRIVILEGE_PARAM_NAMES_NORMALIZED = WEAK_PRIVILEGE_PARAM_NAMES.map(&.gsub(/[-_]/, "")).to_set
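The rules above, put together as one runnable classifier. This is an added example written in Ruby (close enough to the project's Crystal to read the same way), not the project's own `AdminTagger` code. The constants are copied from the summary above; the `normalize_param_name` body (strip `-`/`_`, then downcase) and the case-insensitive path matching are assumptions, since the page shows neither.

```ruby
require "set"

# Constants as listed in the class documentation above.
READ_ONLY_METHODS = Set["GET", "HEAD", "OPTIONS"]
STRONG_PATH_PARTS = Set["admin", "admins", "administrator", "administration",
                        "administrative", "superuser", "superadmin", "sysadmin",
                        "backoffice", "impersonate", "godmode"]
STRONG_PRIVILEGE_PARAM_NAMES = Set["is_admin", "is_superuser", "is_superadmin",
                                   "is_staff", "is_root", "make_admin", "grant_admin",
                                   "admin_only", "superadmin", "sudo", "impersonate"]
WEAK_PRIVILEGE_PARAM_NAMES = Set["run_as", "as_user", "elevate", "privilege", "privileged"]

# ASSUMPTION: the real normalize_param_name is not shown on the page. This version
# drops "-" and "_" and downcases, which is what makes is_admin, isAdmin and
# is-admin collapse to the single key "isadmin" as the docs describe.
def normalize_param_name(name)
  name.gsub(/[-_]/, "").downcase
end

STRONG_PRIVILEGE_PARAM_NAMES_NORMALIZED =
  STRONG_PRIVILEGE_PARAM_NAMES.map { |n| normalize_param_name(n) }.to_set
WEAK_PRIVILEGE_PARAM_NAMES_NORMALIZED =
  WEAK_PRIVILEGE_PARAM_NAMES.map { |n| normalize_param_name(n) }.to_set

# Split a route into whole tokens on "/", "-", "_" and ".", dropping empties.
# "/wp-admin/users.php" -> ["wp", "admin", "users", "php"], so "admin" is a
# whole token here while "/badminton" yields only "badminton".
# ASSUMPTION: tokens are downcased so "/Admin" matches as well.
def path_tokens(path)
  path.split(%r{[/\-_.]}).reject(&:empty?).map(&:downcase)
end

# Returns the reasons an endpoint is flagged as administrative/privileged.
# An empty array means the endpoint is not flagged.
#   - any STRONG_PATH_PARTS token in the path flags it on every method
#   - any strong privilege parameter flags it on every method
#   - a weak privilege parameter flags it only on a non-read method
def admin_reasons(method, path, param_names)
  method = method.upcase
  reasons = path_tokens(path)
             .select { |t| STRONG_PATH_PARTS.include?(t) }
             .uniq
             .map { |t| "path segment '#{t}'" }

  param_names.each do |raw|
    key = normalize_param_name(raw)
    if STRONG_PRIVILEGE_PARAM_NAMES_NORMALIZED.include?(key)
      reasons << "privilege param '#{raw}'"
    elsif WEAK_PRIVILEGE_PARAM_NAMES_NORMALIZED.include?(key) &&
          !READ_ONLY_METHODS.include?(method)
      reasons << "weak privilege param '#{raw}' on #{method}"
    end
  end
  reasons
end

# Constructed sample routes (not from any real application) to show each rule firing
# or deliberately staying quiet.
SAMPLE_ROUTES = [
  ["GET",   "/admin/users",   []],          # strong path segment
  ["GET",   "/badminton",     []],          # substring only, must not match
  ["GET",   "/wp-admin/",     []],          # separator split recovers "admin"
  ["GET",   "/superadmin",    []],          # listed explicitly, no separator
  ["PATCH", "/users/{id}",    ["isAdmin"]], # strong param, camelCase spelling
  ["GET",   "/roles",         ["privilege"]],  # weak param as a read filter: quiet
  ["POST",  "/roles",         ["as_user"]],    # weak param on a write: flagged
]

if __FILE__ == $PROGRAM_NAME
  SAMPLE_ROUTES.each do |method, path, params|
    reasons = admin_reasons(method, path, params)
    puts "#{method.ljust(5)} #{path.ljust(14)} -> #{reasons.empty? ? 'not flagged' : reasons.join('; ')}"
  end
end
```

The two quiet cases are the ones worth checking when tuning this tagger: `/badminton` shows why the match is on whole tokens rather than substrings, and `GET /roles?privilege=x` shows why the weak list is gated on the method rather than flagged outright.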